[CLSA-2026:1783590754] Fix CVE(s): CVE-2025-53859, CVE-2026-28753, CVE-2026-42934
Type:
security
Severity:
Moderate
Release date:
2026-07-09 09:52:54 UTC
Description:
* SECURITY UPDATE: improper neutralization of CRLF sequences via resolved SMTP client host name used in auth_http and smtp proxy - debian/patches/CVE-2026-28753.patch: validate that the host name resolved from the client address contains only characters permitted by RFC 1034 Section 3.5, rejecting it as [TEMPUNAVAIL] otherwise - CVE-2026-28753
Updated packages:
  • nginx1.23_1.23.4-1~bookworm+tuxcare.els12_amd64.deb
    sha:2103b1bc408c76425d48817307d0a6ac5f5a7e01
  • nginx1.23_1.23.4-1~bookworm+tuxcare.els12_arm64.deb
    sha:14ebdbd98eefc7b768a955430f142e084cd96ba4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.